diff --git a/barbican/values.yaml b/barbican/values.yaml
index d88b35a1bc..e68b59deae 100644
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@@ -136,7 +136,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 external_policy_local: false
 node_port:
 enabled: false
diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml
index 8d74fb9145..a8336a6d97 100644
--- a/ceilometer/values.yaml
+++ b/ceilometer/values.yaml
@@ -60,7 +60,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 port: 8777
 node_port:
 enabled: false
diff --git a/cinder/values.yaml b/cinder/values.yaml
index 9e07e76d36..192008b0c1 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -220,7 +220,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 external_policy_local: false
 node_port:
 enabled: false
diff --git a/congress/values.yaml b/congress/values.yaml
index aeb110f99d..901d019fcb 100644
--- a/congress/values.yaml
+++ b/congress/values.yaml
@@ -26,7 +26,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 node_port:
 enabled: false
 port: 1789
diff --git a/glance/values.yaml b/glance/values.yaml
index 81c0a5fdaf..b3cd179279 100644
--- a/glance/values.yaml
+++ b/glance/values.yaml
@@ -276,8 +276,8 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
- ingress.kubernetes.io/proxy-body-size: "1024M"
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/proxy-body-size: "1024M"
 external_policy_local: false
 node_port:
 enabled: false
@@ -287,7 +287,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 external_policy_local: false
 node_port:
 enabled: false
diff --git a/gnocchi/values.yaml b/gnocchi/values.yaml
index 35c894c832..058ac35e3a 100644
--- a/gnocchi/values.yaml
+++ b/gnocchi/values.yaml
@@ -29,7 +29,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 external_policy_local: false
 node_port:
 enabled: false
diff --git a/heat/values.yaml b/heat/values.yaml
index 8ecf0a853e..00fc2f9356 100644
--- a/heat/values.yaml
+++ b/heat/values.yaml
@@ -223,7 +223,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 external_policy_local: false
 node_port:
 enabled: false
@@ -233,7 +233,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 node_port:
 enabled: false
 port: 30800
@@ -242,7 +242,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 node_port:
 enabled: false
 port: 30003
diff --git a/horizon/values.yaml b/horizon/values.yaml
index 954a0e5ead..a7873625f4 100644
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@@ -38,7 +38,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 external_policy_local: false
 node_port:
 enabled: false
diff --git a/ingress/templates/bin/_ingress-controller.sh.tpl b/ingress/templates/bin/_ingress-controller.sh.tpl
new file mode 100644
index 0000000000..c2e142bf81
--- /dev/null
+++ b/ingress/templates/bin/_ingress-controller.sh.tpl
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+exec /usr/bin/dumb-init \
+ /nginx-ingress-controller \
+ --default-backend-service=${POD_NAMESPACE}/ingress-error-pages \
+ --configmap=${POD_NAMESPACE}/ingress-conf \
+ --tcp-services-configmap=${POD_NAMESPACE}/ingress-services-tcp \
+ --udp-services-configmap=${POD_NAMESPACE}/ingress-services-udp
diff --git a/ingress/templates/bin/_ingress-error-pages.sh.tpl b/ingress/templates/bin/_ingress-error-pages.sh.tpl
new file mode 100644
index 0000000000..240fb18a88
--- /dev/null
+++ b/ingress/templates/bin/_ingress-error-pages.sh.tpl
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+exec /server
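Review bot: In `_ingress-controller.sh.tpl`, `${POD_NAMESPACE}` is expanded unquoted and with no unset check in the `exec` line, so a pod that lacks that environment variable starts the controller with `--configmap=/ingress-conf` and the other three references equally malformed instead of failing at startup. The script runs under `set -ex`; adding `-u` (`set -eux`) or a guard such as `: "${POD_NAMESPACE:?POD_NAMESPACE must be set}"` before `exec` turns that into a hard failure. Quoting each argument, e.g. `"--configmap=${POD_NAMESPACE}/ingress-conf"`, is the safer habit as well. The env definition for the container is not in this hunk, so whether POD_NAMESPACE is always injected cannot be confirmed from here.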
diff --git a/ingress/templates/rolebinding.yaml b/ingress/templates/configmap-bin.yaml similarity index 60% rename from ingress/templates/rolebinding.yaml rename to ingress/templates/configmap-bin.yaml index 5a561fd378..79508a4ee6 100644 --- a/ingress/templates/rolebinding.yaml +++ b/ingress/templates/configmap-bin.yaml @@ -14,20 +14,16 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.configmap_bin }} {{- $envAll := . }} - -{{- $serviceAccountName := "ingress-api" }} --- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding +apiVersion: v1 +kind: ConfigMap metadata: - name: nginx-ingress-role-nisa-binding - namespace: {{ $envAll.Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: nginx-ingress-role -subjects: - - kind: ServiceAccount - name: {{ $serviceAccountName }} - namespace: {{ $envAll.Release.Namespace }} + name: ingress-bin +data: + ingress-controller.sh: |+ +{{ tuple "bin/_ingress-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + ingress-error-pages.sh: |+ +{{ tuple "bin/_ingress-error-pages.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/ingress/templates/nginx-custom-configuration.yaml b/ingress/templates/configmap-conf.yaml similarity index 83% rename from ingress/templates/nginx-custom-configuration.yaml rename to ingress/templates/configmap-conf.yaml index 7dd898e6bd..711aeae4af 100644 --- a/ingress/templates/nginx-custom-configuration.yaml +++ b/ingress/templates/configmap-conf.yaml 
@@ -14,12 +14,13 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.configmap_conf }} {{- $envAll := . }} --- apiVersion: v1 kind: ConfigMap metadata: - name: nginx-custom-configuration + name: ingress-conf data: -{{ toYaml .Values.config | indent 2 }} - +{{ toYaml .Values.config.controller | indent 2 }} +{{- end }} diff --git a/ingress/templates/configmap-services-tcp.yaml b/ingress/templates/configmap-services-tcp.yaml new file mode 100644 index 0000000000..e39faee96a --- /dev/null +++ b/ingress/templates/configmap-services-tcp.yaml @@ -0,0 +1,28 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_services_tcp }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: ingress-services-tcp +{{- if not (empty $envAll.Values.config.services.tcp) }} +data: +{{ toYaml $envAll.Values.config.services.tcp | indent 2 }} +{{- end }} +{{- end }} diff --git a/ingress/templates/configmap-services-udp.yaml b/ingress/templates/configmap-services-udp.yaml new file mode 100644 index 0000000000..9090b91878 --- /dev/null +++ b/ingress/templates/configmap-services-udp.yaml 
@@ -0,0 +1,28 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_services_udp }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: ingress-services-udp +{{- if not (empty $envAll.Values.config.services.udp) }} +data: +{{ toYaml $envAll.Values.config.services.udp | indent 2 }} +{{- end }} +{{- end }} diff --git a/ingress/templates/deployment-error.yaml b/ingress/templates/deployment-error.yaml index 67c2f2a147..560cb27125 100644 --- a/ingress/templates/deployment-error.yaml +++ b/ingress/templates/deployment-error.yaml @@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.deployment_error }} {{- $envAll := . }} {{- $dependencies := .Values.dependencies.error_pages }} @@ -54,3 +55,16 @@ spec: timeoutSeconds: 5 ports: - containerPort: 8080 + command: + - /tmp/ingress-error-pages.sh + volumeMounts: + - name: ingress-bin + mountPath: /tmp/ingress-error-pages.sh + subPath: ingress-error-pages.sh + readOnly: true + volumes: + - name: ingress-bin + configMap: + name: ingress-bin + defaultMode: 0555 +{{- end }} diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml index 2ce8b59afd..c3d6f076a7 100644 --- a/ingress/templates/deployment-ingress.yaml +++ b/ingress/templates/deployment-ingress.yaml 
@@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.deployment_ingress }} {{- $envAll := . }} {{- $dependencies := .Values.dependencies.ingress }} @@ -85,6 +86,63 @@ subjects: name: {{ $serviceAccountName }} namespace: {{ $envAll.Release.Namespace }} --- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: nginx-ingress-role + namespace: {{ $envAll.Release.Namespace }} +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + # Defaults to "-" + # Here: "-" + # This has to be adapted if you change either parameter + # when launching the nginx-ingress-controller. + - "ingress-controller-leader-nginx" + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - create + - update +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: nginx-ingress-role-nisa-binding + namespace: {{ $envAll.Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: nginx-ingress-role +subjects: + - kind: ServiceAccount + name: {{ $serviceAccountName }} + namespace: {{ $envAll.Release.Namespace }} +--- {{- if eq .Values.deployment_type "Deployment" }} apiVersion: apps/v1beta1 kind: Deployment 
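Review bot: In the `nginx-ingress-role` Role added to `deployment-ingress.yaml`, the first rule grants `get` on every Secret in the release namespace to the bound service account, so anything that gains the controller's token can read all credentials stored next to it. That deserves a comment on the rule saying why it is needed, plus a chart note recommending a namespace that holds only ingress material. The `resourceNames` entry `ingress-controller-leader-nginx` depends on the controller's election id and ingress class, which the new launch script leaves at their defaults, and the comment above it as shown here no longer names those two parameters. I would write it as `# <election-id>-<ingress-class>; update if bin/_ingress-controller.sh.tpl passes --election-id or --ingress-class`. The Role and RoleBinding now render only when `manifests.deployment_ingress` is true, which is worth stating in the values documentation.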
@@ -150,7 +208,16 @@ spec: hostPort: 80 - containerPort: 443 hostPort: 443 - args: - - /nginx-ingress-controller - - '--default-backend-service=$(POD_NAMESPACE)/ingress-error-pages' - - --configmap=$(POD_NAMESPACE)/nginx-custom-configuration + command: + - /tmp/ingress-controller.sh + volumeMounts: + - name: ingress-bin + mountPath: /tmp/ingress-controller.sh + subPath: ingress-controller.sh + readOnly: true + volumes: + - name: ingress-bin + configMap: + name: ingress-bin + defaultMode: 0555 +{{- end }} diff --git a/ingress/templates/role.yaml b/ingress/templates/role.yaml deleted file mode 100644 index a33690378b..0000000000 --- a/ingress/templates/role.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -{{/* -Copyright 2017 The Openstack-Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- $envAll := . }} - -{{- $serviceAccountName := "ingress-api" }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: nginx-ingress-role - namespace: {{ $envAll.Release.Namespace }} -rules: - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - configmaps - resourceNames: - # Defaults to "-" - # Here: "-" - # This has to be adapted if you change either parameter - # when launching the nginx-ingress-controller. - - "ingress-controller-leader-nginx" - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - create - - update diff --git a/ingress/templates/service-error.yaml b/ingress/templates/service-error.yaml index 7a68959690..a816288cfa 100644 --- a/ingress/templates/service-error.yaml +++ b/ingress/templates/service-error.yaml @@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.service_error }} {{- $envAll := . }} --- apiVersion: v1 @@ -30,3 +31,4 @@ spec: targetPort: 8080 selector: {{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- end }} 
diff --git a/ingress/templates/service-ingress.yaml b/ingress/templates/service-ingress.yaml index 8231138ead..c711741c25 100644 --- a/ingress/templates/service-ingress.yaml +++ b/ingress/templates/service-ingress.yaml @@ -14,6 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- if .Values.manifests.service_ingress }} {{- $envAll := . }} --- apiVersion: v1 @@ -34,3 +35,4 @@ spec: targetPort: 443 selector: app: ingress-api +{{- end }} diff --git a/ingress/values.yaml b/ingress/values.yaml index 4d318c6f7d..0d89af64b4 100644 --- a/ingress/values.yaml +++ b/ingress/values.yaml @@ -20,19 +20,19 @@ images: tags: entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 - # https://github.com/kubernetes/ingress/blob/master/controllers/nginx/Changelog.md - ingress: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.8 + # https://github.com/kubernetes/ingress-nginx/blob/09524cd3363693463da5bf4a9bb3900da435ad05/Changelog.md#090 + ingress: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.9.0 error_pages: gcr.io/google_containers/defaultbackend:1.0 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 pull_policy: "IfNotPresent" pod: affinity: - anti: - type: - default: preferredDuringSchedulingIgnoredDuringExecution - topologyKey: - default: kubernetes.io/hostname + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname replicas: ingress: 1 error_page: 1 @@ -84,4 +84,19 @@ endpoints: deployment_type: DaemonSet config: - enable-underscores-in-headers: "true" + controller: + enable-underscores-in-headers: "true" + services: + tcp: null + udp: + 53: "kube-system/kube-dns:53" + +manifests: + configmap_bin: true + configmap_conf: true + configmap_services_tcp: true + configmap_services_udp: true + deployment_error: true + deployment_ingress: true + service_error: true + service_ingress: true 
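Review bot: In `ingress/values.yaml`, the new default `config.services.udp` maps port 53 to `kube-system/kube-dns:53`, so every install that does not override it has the ingress controller proxying the cluster DNS service, while `tcp` defaults to `null`. Exposing internal DNS through the ingress tier should be opt-in: default to `udp: null` and keep the mapping as a commented example. If the entry stays, quote the key so it is a string in every parser, `"53": "kube-system/kube-dns:53"`.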
diff --git a/keystone/values.yaml b/keystone/values.yaml
index 804918cda0..5f3ead9a96 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -55,7 +55,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 external_policy_local: false
 node_port:
 enabled: false
diff --git a/magnum/values.yaml b/magnum/values.yaml
index 78b66f2ba4..65fdd28190 100644
--- a/magnum/values.yaml
+++ b/magnum/values.yaml
@@ -117,7 +117,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 external_policy_local: false
 node_port:
 enabled: false
diff --git a/mistral/values.yaml b/mistral/values.yaml
index 6486ace9e8..ed8c444410 100644
--- a/mistral/values.yaml
+++ b/mistral/values.yaml
@@ -45,7 +45,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 node_port:
 enabled: false
 port: 28989
diff --git a/neutron/values.yaml b/neutron/values.yaml
index 78e0f54121..f5faf959db 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -93,7 +93,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 external_policy_local: false
 node_port:
 enabled: false
diff --git a/nova/values.yaml b/nova/values.yaml
index 95b47d5c2a..efaae534dc 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -116,7 +116,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 external_policy_local: false
 node_port:
 enabled: false
@@ -129,7 +129,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 external_policy_local: false
 node_port:
 enabled: false
@@ -140,7 +140,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 node_port:
 enabled: false
 port: 30778
diff --git a/rally/templates/ingress-api.yaml b/rally/templates/ingress-api.yaml
index 001ba13c57..0036409c7a 100644
--- a/rally/templates/ingress-api.yaml
+++ b/rally/templates/ingress-api.yaml
@@ -31,8 +31,8 @@ metadata:
 name: {{ $ingressName }}
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
- ingress.kubernetes.io/proxy-body-size: {{ .Values.network.rally.ingress.proxy_body_size }}
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.network.rally.ingress.proxy_body_size }}
 spec:
 rules:
 {{ if ne $hostNameNamespaced $hostNameFull }}
diff --git a/senlin/values.yaml b/senlin/values.yaml
index 6c61d008d1..deb21daf5c 100644
--- a/senlin/values.yaml
+++ b/senlin/values.yaml
@@ -130,7 +130,7 @@ network:
 public: true
 annotations:
 kubernetes.io/ingress.class: "nginx"
- ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/rewrite-target: /
 node_port:
 enabled: false
 port: 30778
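Review bot: In `rally/templates/ingress-api.yaml`, the renamed `proxy-body-size` annotation still renders its value unquoted from `.Values.network.rally.ingress.proxy_body_size`. A purely numeric override becomes a YAML integer and an empty one becomes `null`, and annotation values must be strings. Quote it at render time: `nginx.ingress.kubernetes.io/proxy-body-size: {{ .Values.network.rally.ingress.proxy_body_size | quote }}`. The glance chart in this same commit carries the value as a quoted literal (`"1024M"`), so this also brings the two in line.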